Hospital Sisters Health System just lately found out that an email security breach occurred in August 2019. Unauthorized persons potentially accessed e-mail messages and attachments that contain the protected health information (PHI) of 16,167 patients.

Hospital Sisters Health System serves patients in Wisconsin and Illinois with its 15-hospital health system. From August 6, 2019 and August 9, 2019, unauthorized people accessed the email accounts of a number of employees. The health system promptly secured the compromised email accounts by altering passwords. A prominent computer forensic company investigated the breach to find out if the compromised email accounts contained patient data.

The investigators informed Hospital Sisters Health System on December 2, 2019 that attackers potentially accessed patient data. The information found in the compromised email accounts included patient names, dates of birth, and some clinical data. The medical insurance details, driver’s license number oo Social Security number of a number of patients were also exposed.

Hospital Sisters Health System began sending notification letters by mail to all impacted patients on January 31, 2020. People who had their driver’s license number or Social Security number exposed were provided free membership to identity theft protection services. They were also advised to keep track of their financial accounts and explanation of benefits statements carefully and to file a report to law enforcement in case of any suspicious transactions.

Hospital Sisters Health System also took the required steps to enhance email security to avoid identical breaches from happening again in the future.